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What is claimed is: 

1. A method of grouping entries in a directory server, said directory server 
configured to contain roles, the method comprising the step of; 

assigning an entry to an enumerated role, whereby the entry can be selected by 
selecting all entries that possess the enumerated role. 

2. The method as in claim 1 wherein the enumerated role is possessed by an arbitrary 
number of entries. 

3. The method as in claim 1, further comprising the step of: 

if an entry that possesses the enumerated role is a nested role, then rejecting that 
entry without further processing of the entry. 

4. The method of claim 1, further comprising the step of: 

providing a set of expressions and boolean operations for use to match entries in a 
directory search. 

5. The method of claim 4, wherein the expressions comprise any one or more of 
operands connected by the operators, 

ec l ual = where an instance of the attribute exactly 



matches the value; 



contains 



* which is used as a wild card to allow presence check 

or partial matches; 

which is used in name searches; 



sounds like 



greater or equal 
less or equal 



>= which is used for numerical comparisons; 



<= which is used for numerical comparisons; 
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negation ! which is used to negate any expression; 

and & which is used to combine two expressions; and 

or I which is used to select from two expressions. 



6. An apparatus comprising: 

a directory server comprising: 

a first component configured to assign an entry to a first enumerated role, 
whereby the entry can be selected by selecting all entries that possess the enumerated 
role. 

7. The apparatus as in claim 6 wherein the first component assigns an arbitrary 
number of entries to said first enumerated role. 

8. The apparatus as in claim 6, further comprising: 

a second component coupled to the directory server configured to reject an entry 
without further processing if the entry that possesses the enumerated role is a nested role. 

9. The apparatus of claim 6, further comprising: 

a component to provide a set of expressions and boolean operations for use to 
match entries in a directory search. 

10. The apparatus of claim 9, wherein the expressions comprise any one or more of 
operands connected by the operators, 

equal = where an instance of the attribute exactly 

matches the value; 

contains * which is used as a wild card to allow presence check 

or partial matches; 
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sounds like 

greater or equal 

less or equal 

negation 

and 

or 



>= 

<= 

t 



which is used in name searches; 

which is used for numerical comparisons; 

which is used for numerical comparisons; 

which is used to negate any expression; 

& which is used to combine two expressions; and 

I which is used to select from two expressions. 
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